Improve functional coverage of request ID integration test

smallstep · Mar 4, 2024 · d392c16 · d392c16
1 parent 7fd524f
commit d392c16
Show file tree

Hide file tree

Showing 12 changed files with 402 additions and 286 deletions.
diff --git a/authority/provisioner/webhook_test.go b/authority/provisioner/webhook_test.go
@@ -17,13 +17,15 @@ import (
 	"testing"
 	"time"
 
-	"github.com/smallstep/certificates/internal/requestid"
-	"github.com/smallstep/certificates/webhook"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
 	"go.step.sm/crypto/pemutil"
 	"go.step.sm/crypto/x509util"
 	"go.step.sm/linkedca"
+
+	"github.com/smallstep/certificates/internal/requestid"
+	"github.com/smallstep/certificates/webhook"
 )
 
 func TestWebhookController_isCertTypeOK(t *testing.T) {
@@ -103,7 +105,8 @@ func TestWebhookController_isCertTypeOK(t *testing.T) {
 
 // withRequestID is a helper that calls into [requestid.NewContext] and returns
 // a new context with the requestID added.
-func withRequestID(ctx context.Context, requestID string) context.Context {
+func withRequestID(t *testing.T, ctx context.Context, requestID string) context.Context {
+	t.Helper()
 	return requestid.NewContext(ctx, requestID)
 }
 
@@ -138,7 +141,7 @@ func TestWebhookController_Enrich(t *testing.T) {
 				webhooks:     []*Webhook{{Name: "people", Kind: "ENRICHING"}},
 				TemplateData: x509util.TemplateData{},
 			},
-			ctx:                withRequestID(context.Background(), "reqID"),
+			ctx:                withRequestID(t, context.Background(), "reqID"),
 			req:                &webhook.RequestBody{},
 			responses:          []*webhook.ResponseBody{{Allow: true, Data: map[string]any{"role": "bar"}}},
 			expectErr:          false,
@@ -153,7 +156,7 @@ func TestWebhookController_Enrich(t *testing.T) {
 				},
 				TemplateData: x509util.TemplateData{},
 			},
-			ctx: withRequestID(context.Background(), "reqID"),
+			ctx: withRequestID(t, context.Background(), "reqID"),
 			req: &webhook.RequestBody{},
 			responses: []*webhook.ResponseBody{
 				{Allow: true, Data: map[string]any{"role": "bar"}},
@@ -177,7 +180,7 @@ func TestWebhookController_Enrich(t *testing.T) {
 				TemplateData: x509util.TemplateData{},
 				certType:     linkedca.Webhook_X509,
 			},
-			ctx: withRequestID(context.Background(), "reqID"),
+			ctx: withRequestID(t, context.Background(), "reqID"),
 			req: &webhook.RequestBody{},
 			responses: []*webhook.ResponseBody{
 				{Allow: true, Data: map[string]any{"role": "bar"}},
@@ -197,7 +200,7 @@ func TestWebhookController_Enrich(t *testing.T) {
 				TemplateData: x509util.TemplateData{},
 				options:      []webhook.RequestBodyOption{webhook.WithX5CCertificate(cert)},
 			},
-			ctx:                withRequestID(context.Background(), "reqID"),
+			ctx:                withRequestID(t, context.Background(), "reqID"),
 			req:                &webhook.RequestBody{},
 			responses:          []*webhook.ResponseBody{{Allow: true, Data: map[string]any{"role": "bar"}}},
 			expectErr:          false,
@@ -220,7 +223,7 @@ func TestWebhookController_Enrich(t *testing.T) {
 				webhooks:     []*Webhook{{Name: "people", Kind: "ENRICHING"}},
 				TemplateData: x509util.TemplateData{},
 			},
-			ctx:                withRequestID(context.Background(), "reqID"),
+			ctx:                withRequestID(t, context.Background(), "reqID"),
 			req:                &webhook.RequestBody{},
 			responses:          []*webhook.ResponseBody{{Allow: false}},
 			expectErr:          true,
@@ -235,7 +238,7 @@ func TestWebhookController_Enrich(t *testing.T) {
 					PublicKey: []byte("bad"),
 				})},
 			},
-			ctx:                withRequestID(context.Background(), "reqID"),
+			ctx:                withRequestID(t, context.Background(), "reqID"),
 			req:                &webhook.RequestBody{},
 			responses:          []*webhook.ResponseBody{{Allow: false}},
 			expectErr:          true,
@@ -296,7 +299,7 @@ func TestWebhookController_Authorize(t *testing.T) {
 				client:   http.DefaultClient,
 				webhooks: []*Webhook{{Name: "people", Kind: "AUTHORIZING"}},
 			},
-			ctx:       withRequestID(context.Background(), "reqID"),
+			ctx:       withRequestID(t, context.Background(), "reqID"),
 			req:       &webhook.RequestBody{},
 			responses: []*webhook.ResponseBody{{Allow: true}},
 			expectErr: false,
@@ -307,7 +310,7 @@ func TestWebhookController_Authorize(t *testing.T) {
 				webhooks: []*Webhook{{Name: "people", Kind: "AUTHORIZING", CertType: linkedca.Webhook_X509.String()}},
 				certType: linkedca.Webhook_SSH,
 			},
-			ctx:       withRequestID(context.Background(), "reqID"),
+			ctx:       withRequestID(t, context.Background(), "reqID"),
 			req:       &webhook.RequestBody{},
 			responses: []*webhook.ResponseBody{{Allow: false}},
 			expectErr: false,
@@ -318,7 +321,7 @@ func TestWebhookController_Authorize(t *testing.T) {
 				webhooks: []*Webhook{{Name: "people", Kind: "AUTHORIZING"}},
 				options:  []webhook.RequestBodyOption{webhook.WithX5CCertificate(cert)},
 			},
-			ctx:       withRequestID(context.Background(), "reqID"),
+			ctx:       withRequestID(t, context.Background(), "reqID"),
 			req:       &webhook.RequestBody{},
 			responses: []*webhook.ResponseBody{{Allow: true}},
 			expectErr: false,
@@ -339,7 +342,7 @@ func TestWebhookController_Authorize(t *testing.T) {
 				client:   http.DefaultClient,
 				webhooks: []*Webhook{{Name: "people", Kind: "AUTHORIZING"}},
 			},
-			ctx:       withRequestID(context.Background(), "reqID"),
+			ctx:       withRequestID(t, context.Background(), "reqID"),
 			req:       &webhook.RequestBody{},
 			responses: []*webhook.ResponseBody{{Allow: false}},
 			expectErr: true,
@@ -352,7 +355,7 @@ func TestWebhookController_Authorize(t *testing.T) {
 					PublicKey: []byte("bad"),
 				})},
 			},
-			ctx:       withRequestID(context.Background(), "reqID"),
+			ctx:       withRequestID(t, context.Background(), "reqID"),
 			req:       &webhook.RequestBody{},
 			responses: []*webhook.ResponseBody{{Allow: false}},
 			expectErr: true,
@@ -568,7 +571,7 @@ func TestWebhook_Do(t *testing.T) {
 
 			ctx := context.Background()
 			if tc.requestID != "" {
-				ctx = withRequestID(context.Background(), tc.requestID)
+				ctx = withRequestID(t, ctx, tc.requestID)
 			}
 			ctx, cancel := context.WithTimeout(ctx, time.Second*10)
 			defer cancel()

diff --git a/ca/client/requestid.go b/ca/client/requestid.go
@@ -2,17 +2,17 @@ package client
 
 import "context"
 
-type requestIDKey struct{}
+type contextKey struct{}
 
 // NewRequestIDContext returns a new context with the given request ID added to the
 // context.
 func NewRequestIDContext(ctx context.Context, requestID string) context.Context {
-	return context.WithValue(ctx, requestIDKey{}, requestID)
+	return context.WithValue(ctx, contextKey{}, requestID)
 }
 
 // RequestIDFromContext returns the request ID from the context if it exists.
 // and is not empty.
 func RequestIDFromContext(ctx context.Context) (string, bool) {
-	v, ok := ctx.Value(requestIDKey{}).(string)
+	v, ok := ctx.Value(contextKey{}).(string)
 	return v, ok && v != ""
 }
diff --git a/ca/provisioner_test.go b/ca/provisioner_test.go
@@ -7,6 +7,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/stretchr/testify/require"
+
 	"go.step.sm/crypto/jose"
 	"go.step.sm/crypto/pemutil"
 	"go.step.sm/crypto/x509util"
@@ -41,14 +43,12 @@ func getTestProvisioner(t *testing.T, caURL string) *Provisioner {
 }
 
 func TestNewProvisioner(t *testing.T) {
-	ca := startCATestServer()
+	ca := startCATestServer(t)
 	defer ca.Close()
 	want := getTestProvisioner(t, ca.URL)
 
 	caBundle, err := os.ReadFile("testdata/secrets/root_ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	type args struct {
 		name         string

diff --git a/ca/tls_options_test.go b/ca/tls_options_test.go
@@ -10,6 +10,8 @@ import (
 	"sort"
 	"testing"
 
+	"github.com/stretchr/testify/require"
+
 	"github.com/smallstep/certificates/api"
 )
 
@@ -196,23 +198,17 @@ func TestAddClientCA(t *testing.T) {
 
 //nolint:gosec // test tls config
 func TestAddRootsToRootCAs(t *testing.T) {
-	ca := startCATestServer()
+	ca := startCATestServer(t)
 	defer ca.Close()
 
 	client, err := NewClient(ca.URL, WithRootFile("testdata/secrets/root_ca.crt"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	clientFail, err := NewClient(ca.URL, WithTransport(http.DefaultTransport))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	root, err := os.ReadFile("testdata/secrets/root_ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	cert := parseCertificate(t, string(root))
 	pool := x509.NewCertPool()
@@ -251,23 +247,17 @@ func TestAddRootsToRootCAs(t *testing.T) {
 
 //nolint:gosec // test tls config
 func TestAddRootsToClientCAs(t *testing.T) {
-	ca := startCATestServer()
+	ca := startCATestServer(t)
 	defer ca.Close()
 
 	client, err := NewClient(ca.URL, WithRootFile("testdata/secrets/root_ca.crt"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	clientFail, err := NewClient(ca.URL, WithTransport(http.DefaultTransport))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	root, err := os.ReadFile("testdata/secrets/root_ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	cert := parseCertificate(t, string(root))
 	pool := x509.NewCertPool()
@@ -306,28 +296,20 @@ func TestAddRootsToClientCAs(t *testing.T) {
 
 //nolint:gosec // test tls config
 func TestAddFederationToRootCAs(t *testing.T) {
-	ca := startCATestServer()
+	ca := startCATestServer(t)
 	defer ca.Close()
 
 	client, err := NewClient(ca.URL, WithRootFile("testdata/secrets/root_ca.crt"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	clientFail, err := NewClient(ca.URL, WithTransport(http.DefaultTransport))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	root, err := os.ReadFile("testdata/secrets/root_ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	federated, err := os.ReadFile("testdata/secrets/federated_ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	crt1 := parseCertificate(t, string(root))
 	crt2 := parseCertificate(t, string(federated))
@@ -371,28 +353,20 @@ func TestAddFederationToRootCAs(t *testing.T) {
 
 //nolint:gosec // test tls config
 func TestAddFederationToClientCAs(t *testing.T) {
-	ca := startCATestServer()
+	ca := startCATestServer(t)
 	defer ca.Close()
 
 	client, err := NewClient(ca.URL, WithRootFile("testdata/secrets/root_ca.crt"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	clientFail, err := NewClient(ca.URL, WithTransport(http.DefaultTransport))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	root, err := os.ReadFile("testdata/secrets/root_ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	federated, err := os.ReadFile("testdata/secrets/federated_ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	crt1 := parseCertificate(t, string(root))
 	crt2 := parseCertificate(t, string(federated))
@@ -436,23 +410,17 @@ func TestAddFederationToClientCAs(t *testing.T) {
 
 //nolint:gosec // test tls config
 func TestAddRootsToCAs(t *testing.T) {
-	ca := startCATestServer()
+	ca := startCATestServer(t)
 	defer ca.Close()
 
 	client, err := NewClient(ca.URL, WithRootFile("testdata/secrets/root_ca.crt"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	clientFail, err := NewClient(ca.URL, WithTransport(http.DefaultTransport))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	root, err := os.ReadFile("testdata/secrets/root_ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	cert := parseCertificate(t, string(root))
 	pool := x509.NewCertPool()
@@ -491,28 +459,20 @@ func TestAddRootsToCAs(t *testing.T) {
 
 //nolint:gosec // test tls config
 func TestAddFederationToCAs(t *testing.T) {
-	ca := startCATestServer()
+	ca := startCATestServer(t)
 	defer ca.Close()
 
 	client, err := NewClient(ca.URL, WithRootFile("testdata/secrets/root_ca.crt"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	clientFail, err := NewClient(ca.URL, WithTransport(http.DefaultTransport))
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	root, err := os.ReadFile("testdata/secrets/root_ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	federated, err := os.ReadFile("testdata/secrets/federated_ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	crt1 := parseCertificate(t, string(root))
 	crt2 := parseCertificate(t, string(federated))